Change 94798 by pjd@pjd_anger on 2006/04/08 07:18:48 Implement cuio_apply(), equivalent to m_apply(9). Change 94802 by pjd@pjd_anger on 2006/04/08 07:49:30 - Add swcr_authprepare() function which prepares authentication key. - Allow to provide key for every authentication operation, not only at newsession time by honoring CRD_F_KEY_EXPLICIT flag. - Make giving key at newsession time optional - don't try to operate on it if its NULL. - Extend COPYBACK()/COPYDATA() macros to handle CRYPTO_BUF_CONTIG buffer type as well. - Accept CRYPTO_BUF_IOV buffer type in swcr_authcompute() as we have cuio_apply() now. Change 94803 by pjd@pjd_anger on 2006/04/08 08:04:47 Implement CUIO_SKIP() macro which is only responsible for skipping the given number of bytes from iovec list. This allows to avoid duplicating the same code in three functions. Change 94806 by pjd@pjd_anger on 2006/04/08 08:41:05 Fix a very old bug in HMAC/SHA{384,512}. When HMAC is using SHA384 or SHA512, the blocksize is 128 bytes, not 64 bytes as anywhere else. Change 94808 by pjd@pjd_anger on 2006/04/08 09:57:45 16 bits for key length is more than enough. Change 94809 by pjd@pjd_anger on 2006/04/08 10:04:43 - Remove authsize field from auth_hash structure. - Allow consumer to define size of hash he wants to receive. This allows to use HMAC not only for IPsec, where 96 bits MAC is requested. The size of requested MAC is defined at newsession time in cri_mlen field - when 0, entire MAC will be returned. Change 95008 by pjd@pjd_slayer on 2006/04/11 18:40:34 - Make opencrypto more SMP friendly by dropping the queue lock around crypto_invoke(). This allows to serve multiple crypto requests in parallel and not bached requests are served lock-less. Drivers should not depend on the queue lock beeing held around crypto_invoke() and if they do, that's an error in the driver - it should do its own synchronization. - Don't forget to wakeup the crypto thread when new requests is queued and only if both symmetric and asymmetric queues are empty. - Symmetric requests use sessions and there is no way driver can disappear when there is an active session, so we don't need to check this, but assert this. This is also safe to not use the driver lock in this case. - Assymetric requests don't use sessions, so don't check the driver in crypto_kinvoke(). - Protect assymetric operation with the driver lock, because if there is no symmetric session, driver can disappear. - Don't send assymetric request to the driver if it is marked as blocked. - Add an XXX comment, because I don't think migration to another driver is safe when there are pending requests using freed session. - Remove 'hint' argument from crypto_kinvoke(), as it serves no purpose. - Other small simplifications and cleanups. Change 95033 by pjd@pjd_slayer on 2006/04/11 22:15:39 - Don't hold the driver lock around kprocess method call, instead use cc_koperations to track number of in-progress requests. - Cleanup register/unregister code a bit. Change 96422 by pjd@pjd_anger on 2006/04/30 17:51:32 We cannot decide which hash function to use for HMAC based on the key length, because any HMAC function can use any key length. To fix it split CRYPTO_SHA2_HMAC into three algorithm: CRYPTO_SHA2_256_HMAC, CRYPTO_SHA2_384_HMAC and CRYPTO_SHA2_512_HMAC. Those names are consistent with OpenBSD recent naming. Change 96446 by pjd@pjd_zoo on 2006/04/30 22:57:25 If kern.cryptodevallowsoft is TRUE allow also for symmetric software crypto in kernel. Useful for testing. --- //depot/vendor/freebsd/src/sys/opencrypto/criov.c 2005/01/07 02:32:16 +++ //depot/user/pjd/geom_classes/sys/opencrypto/criov.c 2006/04/08 08:04:47 @@ -40,6 +40,23 @@ #include +/* + * This macro is only for avoiding code duplication, as we need to skip + * given number of bytes in the same way in three functions below. + */ +#define CUIO_SKIP() do { \ + KASSERT(off >= 0, ("%s: off %d < 0", __func__, off)); \ + KASSERT(len >= 0, ("%s: len %d < 0", __func__, len)); \ + while (off > 0) { \ + KASSERT(iol >= 0, ("%s: empty in skip", __func__)); \ + if (off < iov->iov_len) \ + break; \ + off -= iov->iov_len; \ + iol--; \ + iov++; \ + } \ +} while (0) + void cuio_copydata(struct uio* uio, int off, int len, caddr_t cp) { @@ -47,22 +64,9 @@ int iol = uio->uio_iovcnt; unsigned count; - if (off < 0) - panic("cuio_copydata: off %d < 0", off); - if (len < 0) - panic("cuio_copydata: len %d < 0", len); - while (off > 0) { - if (iol == 0) - panic("iov_copydata: empty in skip"); - if (off < iov->iov_len) - break; - off -= iov->iov_len; - iol--; - iov++; - } + CUIO_SKIP(); while (len > 0) { - if (iol == 0) - panic("cuio_copydata: empty"); + KASSERT(iol >= 0, ("%s: empty", __func__)); count = min(iov->iov_len - off, len); bcopy(((caddr_t)iov->iov_base) + off, cp, count); len -= count; @@ -80,22 +84,9 @@ int iol = uio->uio_iovcnt; unsigned count; - if (off < 0) - panic("cuio_copyback: off %d < 0", off); - if (len < 0) - panic("cuio_copyback: len %d < 0", len); - while (off > 0) { - if (iol == 0) - panic("cuio_copyback: empty in skip"); - if (off < iov->iov_len) - break; - off -= iov->iov_len; - iol--; - iov++; - } + CUIO_SKIP(); while (len > 0) { - if (iol == 0) - panic("uio_copyback: empty"); + KASSERT(iol >= 0, ("%s: empty", __func__)); count = min(iov->iov_len - off, len); bcopy(cp, ((caddr_t)iov->iov_base) + off, count); len -= count; @@ -137,3 +128,31 @@ return (NULL); } + +/* + * Apply function f to the data in an iovec list starting "off" bytes from + * the beginning, continuing for "len" bytes. + */ +int +cuio_apply(struct uio *uio, int off, int len, int (*f)(void *, void *, u_int), + void *arg) +{ + struct iovec *iov = uio->uio_iov; + int iol = uio->uio_iovcnt; + unsigned count; + int rval; + + CUIO_SKIP(); + while (len > 0) { + KASSERT(iol >= 0, ("%s: empty", __func__)); + count = min(iov->iov_len - off, len); + rval = (*f)(arg, ((caddr_t)iov->iov_base) + off, count); + if (rval) + return (rval); + len -= count; + off = 0; + iol--; + iov++; + } + return (0); +} --- //depot/vendor/freebsd/src/sys/opencrypto/crypto.c 2006/04/11 18:05:51 +++ //depot/user/pjd/geom_classes/sys/opencrypto/crypto.c 2006/04/30 16:48:33 @@ -64,6 +64,7 @@ static struct mtx crypto_q_mtx; #define CRYPTO_Q_LOCK() mtx_lock(&crypto_q_mtx) #define CRYPTO_Q_UNLOCK() mtx_unlock(&crypto_q_mtx) +#define CRYPTO_Q_EMPTY() (TAILQ_EMPTY(&crp_q) && TAILQ_EMPTY(&crp_kq)) /* * There are two queues for processing completed crypto requests; one @@ -98,8 +99,8 @@ static void crypto_ret_proc(void); static struct proc *cryptoretproc; static void crypto_destroy(void); -static int crypto_invoke(struct cryptop *crp, int hint); -static int crypto_kinvoke(struct cryptkop *krp, int hint); +static int crypto_invoke(struct cryptocap *cap, struct cryptop *crp, int hint); +static int crypto_kinvoke(struct cryptkop *krp); static struct cryptostats cryptostats; SYSCTL_STRUCT(_kern, OID_AUTO, crypto_stats, CTLFLAG_RW, &cryptostats, @@ -328,6 +329,15 @@ return err; } +static void +crypto_remove(struct cryptocap *cap) +{ + + mtx_assert(&crypto_drivers_mtx, MA_OWNED); + if (cap->cc_sessions == 0 && cap->cc_koperations == 0) + bzero(cap, sizeof(*cap)); +} + /* * Delete an existing session (or a reserved session on an unregistered * driver). @@ -335,6 +345,7 @@ int crypto_freesession(u_int64_t sid) { + struct cryptocap *cap; u_int32_t hid; int err; @@ -352,24 +363,19 @@ err = ENOENT; goto done; } + cap = &crypto_drivers[hid]; - if (crypto_drivers[hid].cc_sessions) - crypto_drivers[hid].cc_sessions--; + if (cap->cc_sessions) + cap->cc_sessions--; /* Call the driver cleanup routine, if available. */ - if (crypto_drivers[hid].cc_freesession) - err = crypto_drivers[hid].cc_freesession( - crypto_drivers[hid].cc_arg, sid); + if (cap->cc_freesession) + err = cap->cc_freesession(cap->cc_arg, sid); else err = 0; - /* - * If this was the last session of a driver marked as invalid, - * make the entry available for reuse. - */ - if ((crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP) && - crypto_drivers[hid].cc_sessions == 0) - bzero(&crypto_drivers[hid], sizeof(struct cryptocap)); + if (cap->cc_flags & CRYPTOCAP_F_CLEANUP) + crypto_remove(cap); done: CRYPTO_DRIVER_UNLOCK(); @@ -388,11 +394,12 @@ CRYPTO_DRIVER_LOCK(); - for (i = 0; i < crypto_drivers_num; i++) + for (i = 0; i < crypto_drivers_num; i++) { if (crypto_drivers[i].cc_process == NULL && - (crypto_drivers[i].cc_flags & CRYPTOCAP_F_CLEANUP) == 0 && - crypto_drivers[i].cc_sessions == 0) + (crypto_drivers[i].cc_flags & CRYPTOCAP_F_CLEANUP) == 0) { break; + } + } /* Out of entries, allocate some more. */ if (i == crypto_drivers_num) { @@ -543,9 +550,9 @@ int crypto_unregister(u_int32_t driverid, int alg) { + struct cryptocap *cap; + u_int32_t ses, kops; int i, err; - u_int32_t ses; - struct cryptocap *cap; CRYPTO_DRIVER_LOCK(); @@ -563,13 +570,15 @@ if (i == CRYPTO_ALGORITHM_MAX + 1) { ses = cap->cc_sessions; - bzero(cap, sizeof(struct cryptocap)); - if (ses != 0) { + kops = cap->cc_koperations; + bzero(cap, sizeof(*cap)); + if (ses != 0 || kops != 0) { /* * If there are pending sessions, just mark as invalid. */ cap->cc_flags |= CRYPTOCAP_F_CLEANUP; cap->cc_sessions = ses; + cap->cc_koperations = kops; } } err = 0; @@ -590,9 +599,9 @@ int crypto_unregister_all(u_int32_t driverid) { + struct cryptocap *cap; + u_int32_t ses, kops; int i, err; - u_int32_t ses; - struct cryptocap *cap; CRYPTO_DRIVER_LOCK(); @@ -603,13 +612,15 @@ cap->cc_max_op_len[i] = 0; } ses = cap->cc_sessions; - bzero(cap, sizeof(struct cryptocap)); - if (ses != 0) { + kops = cap->cc_koperations; + bzero(cap, sizeof(*cap)); + if (ses != 0 || kops != 0) { /* * If there are pending sessions, just mark as invalid. */ cap->cc_flags |= CRYPTOCAP_F_CLEANUP; cap->cc_sessions = ses; + cap->cc_koperations = kops; } err = 0; } else @@ -657,8 +668,9 @@ int crypto_dispatch(struct cryptop *crp) { - u_int32_t hid = CRYPTO_SESID2HID(crp->crp_sid); - int result, wasempty; + struct cryptocap *cap; + u_int32_t hid; + int result; cryptostats.cs_ops++; @@ -667,19 +679,22 @@ binuptime(&crp->crp_tstamp); #endif - CRYPTO_Q_LOCK(); - wasempty = TAILQ_EMPTY(&crp_q); + hid = CRYPTO_SESID2HID(crp->crp_sid); + if ((crp->crp_flags & CRYPTO_F_BATCH) == 0) { - struct cryptocap *cap; /* * Caller marked the request to be processed * immediately; dispatch it directly to the * driver unless the driver is currently blocked. */ cap = crypto_checkdriver(hid); - if (cap && !cap->cc_qblocked) { - result = crypto_invoke(crp, 0); - if (result == ERESTART) { + /* Driver cannot disappeared when there is an active session. */ + KASSERT(cap != NULL, ("%s: Driver disappeared.", __func__)); + if (!cap->cc_qblocked) { + result = crypto_invoke(cap, crp, 0); + if (result != ERESTART) + return (result); + else { /* * The driver ran out of resources, mark the * driver ``blocked'' for cryptop's and put @@ -689,34 +704,17 @@ * order is preserved but this can place them * behind batch'd ops. */ - crypto_drivers[hid].cc_qblocked = 1; - TAILQ_INSERT_TAIL(&crp_q, crp, crp_next); + cap->cc_qblocked = 1; cryptostats.cs_blocks++; - result = 0; } - } else { - /* - * The driver is blocked, just queue the op until - * it unblocks and the kernel thread gets kicked. - */ - TAILQ_INSERT_TAIL(&crp_q, crp, crp_next); - result = 0; } - } else { - /* - * Caller marked the request as ``ok to delay''; - * queue it for the dispatch thread. This is desirable - * when the operation is low priority and/or suitable - * for batching. - */ - TAILQ_INSERT_TAIL(&crp_q, crp, crp_next); - result = 0; } - if (wasempty && !TAILQ_EMPTY(&crp_q)) + CRYPTO_Q_LOCK(); + if (CRYPTO_Q_EMPTY()) wakeup_one(&crp_q); + TAILQ_INSERT_TAIL(&crp_q, crp, crp_next); CRYPTO_Q_UNLOCK(); - - return result; + return 0; } /* @@ -726,81 +724,73 @@ int crypto_kdispatch(struct cryptkop *krp) { - struct cryptocap *cap; - int result, wasempty; + int result; cryptostats.cs_kops++; + result = crypto_kinvoke(krp); + if (result != ERESTART) + return (result); CRYPTO_Q_LOCK(); - wasempty = TAILQ_EMPTY(&crp_q); - cap = crypto_checkdriver(krp->krp_hid); - if (cap && !cap->cc_kqblocked) { - result = crypto_kinvoke(krp, 0); - if (result == ERESTART) { - /* - * The driver ran out of resources, mark the - * driver ``blocked'' for cryptkop's and put - * the request back in the queue. It would - * best to put the request back where we got - * it but that's hard so for now we put it - * at the front. This should be ok; putting - * it at the end does not work. - */ - crypto_drivers[krp->krp_hid].cc_kqblocked = 1; - TAILQ_INSERT_TAIL(&crp_kq, krp, krp_next); - cryptostats.cs_kblocks++; - } - } else { - /* - * The driver is blocked, just queue the op until - * it unblocks and the kernel thread gets kicked. - */ - TAILQ_INSERT_TAIL(&crp_kq, krp, krp_next); - result = 0; - } - if (wasempty && !TAILQ_EMPTY(&crp_kq)) + if (CRYPTO_Q_EMPTY()) wakeup_one(&crp_q); + TAILQ_INSERT_TAIL(&crp_kq, krp, krp_next); CRYPTO_Q_UNLOCK(); - return result; + return 0; } /* * Dispatch an assymetric crypto request to the appropriate crypto devices. */ static int -crypto_kinvoke(struct cryptkop *krp, int hint) +crypto_kinvoke(struct cryptkop *krp) { + struct cryptocap *cap = NULL; u_int32_t hid; - int error; + int error = 0; - mtx_assert(&crypto_q_mtx, MA_OWNED); + KASSERT(krp != NULL, ("%s: krp == NULL", __func__)); + KASSERT(krp->krp_callback != NULL, + ("%s: krp->crp_callback == NULL", __func__)); - /* Sanity checks. */ - if (krp == NULL) - return EINVAL; - if (krp->krp_callback == NULL) { - free(krp, M_XDATA); /* XXX allocated in cryptodev */ - return EINVAL; - } - + CRYPTO_DRIVER_LOCK(); for (hid = 0; hid < crypto_drivers_num; hid++) { - if ((crypto_drivers[hid].cc_flags & CRYPTOCAP_F_SOFTWARE) && - !crypto_devallowsoft) + cap = &crypto_drivers[hid]; + if (cap == NULL) + continue; + if ((cap->cc_flags & CRYPTOCAP_F_SOFTWARE) && + !crypto_devallowsoft) { + continue; + } + if (cap->cc_kprocess == NULL) continue; - if (crypto_drivers[hid].cc_kprocess == NULL) + if (!(cap->cc_kalg[krp->krp_op] & CRYPTO_ALG_FLAG_SUPPORTED)) continue; - if ((crypto_drivers[hid].cc_kalg[krp->krp_op] & - CRYPTO_ALG_FLAG_SUPPORTED) == 0) + if (cap->cc_kqblocked) { + error = ERESTART; continue; + } + error = 0; break; } + krp->krp_hid = hid; if (hid < crypto_drivers_num) { - krp->krp_hid = hid; - error = crypto_drivers[hid].cc_kprocess( - crypto_drivers[hid].cc_karg, krp, hint); - } else + cap->cc_koperations++; + CRYPTO_DRIVER_UNLOCK(); + error = cap->cc_kprocess(cap->cc_karg, krp, 0); + CRYPTO_DRIVER_LOCK(); + if (error == ERESTART) { + cap->cc_koperations--; + cap->cc_kqblocked = 1; + CRYPTO_DRIVER_UNLOCK(); + cryptostats.cs_kblocks++; + return (error); + } + } else { error = ENODEV; + } + CRYPTO_DRIVER_UNLOCK(); if (error) { krp->krp_status = error; @@ -839,45 +829,31 @@ * Dispatch a crypto request to the appropriate crypto devices. */ static int -crypto_invoke(struct cryptop *crp, int hint) +crypto_invoke(struct cryptocap *cap, struct cryptop *crp, int hint) { - u_int32_t hid; - int (*process)(void*, struct cryptop *, int); + + KASSERT(crp != NULL, ("%s: crp == NULL", __func__)); + KASSERT(crp->crp_callback != NULL, + ("%s: crp->crp_callback == NULL", __func__)); + KASSERT(crp->crp_desc != NULL, ("%s: crp->crp_desc == NULL", __func__)); #ifdef CRYPTO_TIMING if (crypto_timing) crypto_tstat(&cryptostats.cs_invoke, &crp->crp_tstamp); #endif - /* Sanity checks. */ - if (crp == NULL) - return EINVAL; - if (crp->crp_callback == NULL) { - crypto_freereq(crp); - return EINVAL; - } - if (crp->crp_desc == NULL) { - crp->crp_etype = EINVAL; - crypto_done(crp); - return 0; - } - - hid = CRYPTO_SESID2HID(crp->crp_sid); - if (hid < crypto_drivers_num) { - if (crypto_drivers[hid].cc_flags & CRYPTOCAP_F_CLEANUP) - crypto_freesession(crp->crp_sid); - process = crypto_drivers[hid].cc_process; - } else { - process = NULL; - } - - if (process == NULL) { + if (cap->cc_flags & CRYPTOCAP_F_CLEANUP) { struct cryptodesc *crd; u_int64_t nid; /* * Driver has unregistered; migrate the session and return * an error to the caller so they'll resubmit the op. + * + * XXX: What if there are more already queued requests for this + * session? */ + crypto_freesession(crp->crp_sid); + for (crd = crp->crp_desc; crd->crd_next; crd = crd->crd_next) crd->CRD_INI.cri_next = &(crd->crd_next->CRD_INI); @@ -891,7 +867,7 @@ /* * Invoke the driver to process the request. */ - return (*process)(crypto_drivers[hid].cc_arg, crp, hint); + return cap->cc_process(cap->cc_arg, crp, hint); } } @@ -984,16 +960,13 @@ #endif crp->crp_callback(crp); } else { - int wasempty; /* * Normal case; queue the callback for the thread. */ CRYPTO_RETQ_LOCK(); - wasempty = TAILQ_EMPTY(&crp_ret_q); + if (TAILQ_EMPTY(&crp_ret_q)) + wakeup_one(&crp_ret_q); /* shared wait channel */ TAILQ_INSERT_TAIL(&crp_ret_q, crp, crp_next); - - if (wasempty) - wakeup_one(&crp_ret_q); /* shared wait channel */ CRYPTO_RETQ_UNLOCK(); } } @@ -1004,16 +977,24 @@ void crypto_kdone(struct cryptkop *krp) { - int wasempty; + struct cryptocap *cap; if (krp->krp_status != 0) cryptostats.cs_kerrs++; + CRYPTO_DRIVER_LOCK(); + /* XXX: What if driver is loaded in the meantime? */ + if (krp->krp_hid < crypto_drivers_num) { + cap = &crypto_drivers[krp->krp_hid]; + cap->cc_koperations--; + KASSERT(cap->cc_koperations >= 0, ("cc_koperations < 0")); + if (cap->cc_flags & CRYPTOCAP_F_CLEANUP) + crypto_remove(cap); + } + CRYPTO_DRIVER_UNLOCK(); CRYPTO_RETQ_LOCK(); - wasempty = TAILQ_EMPTY(&crp_ret_kq); + if (TAILQ_EMPTY(&crp_ret_kq)) + wakeup_one(&crp_ret_q); /* shared wait channel */ TAILQ_INSERT_TAIL(&crp_ret_kq, krp, krp_next); - - if (wasempty) - wakeup_one(&crp_ret_q); /* shared wait channel */ CRYPTO_RETQ_UNLOCK(); } @@ -1071,6 +1052,7 @@ struct cryptop *crp, *submit; struct cryptkop *krp; struct cryptocap *cap; + u_int32_t hid; int result, hint; CRYPTO_Q_LOCK(); @@ -1083,8 +1065,14 @@ submit = NULL; hint = 0; TAILQ_FOREACH(crp, &crp_q, crp_next) { - u_int32_t hid = CRYPTO_SESID2HID(crp->crp_sid); + hid = CRYPTO_SESID2HID(crp->crp_sid); cap = crypto_checkdriver(hid); + /* + * Driver cannot disappeared when there is an active + * session. + */ + KASSERT(cap != NULL, ("%s: Driver disappeared.", + __func__)); if (cap == NULL || cap->cc_process == NULL) { /* Op needs to be migrated, process it. */ if (submit == NULL) @@ -1114,7 +1102,11 @@ } if (submit != NULL) { TAILQ_REMOVE(&crp_q, submit, crp_next); - result = crypto_invoke(submit, hint); + CRYPTO_Q_UNLOCK(); + hid = CRYPTO_SESID2HID(submit->crp_sid); + cap = crypto_checkdriver(hid); + result = crypto_invoke(cap, submit, hint); + CRYPTO_Q_LOCK(); if (result == ERESTART) { /* * The driver ran out of resources, mark the @@ -1144,7 +1136,9 @@ } if (krp != NULL) { TAILQ_REMOVE(&crp_kq, krp, krp_next); - result = crypto_kinvoke(krp, 0); + CRYPTO_Q_UNLOCK(); + result = crypto_kinvoke(krp); + CRYPTO_Q_LOCK(); if (result == ERESTART) { /* * The driver ran out of resources, mark the --- //depot/vendor/freebsd/src/sys/opencrypto/cryptodev.c 2006/02/27 17:00:34 +++ //depot/user/pjd/geom_classes/sys/opencrypto/cryptodev.c 2006/04/30 22:57:25 @@ -190,25 +190,22 @@ case 0: break; case CRYPTO_MD5_HMAC: - thash = &auth_hash_hmac_md5_96; + thash = &auth_hash_hmac_md5; break; case CRYPTO_SHA1_HMAC: - thash = &auth_hash_hmac_sha1_96; + thash = &auth_hash_hmac_sha1; + break; + case CRYPTO_SHA2_256_HMAC: + thash = &auth_hash_hmac_sha2_256; + break; + case CRYPTO_SHA2_384_HMAC: + thash = &auth_hash_hmac_sha2_384; break; - case CRYPTO_SHA2_HMAC: - if (sop->mackeylen == auth_hash_hmac_sha2_256.keysize) - thash = &auth_hash_hmac_sha2_256; - else if (sop->mackeylen == auth_hash_hmac_sha2_384.keysize) - thash = &auth_hash_hmac_sha2_384; - else if (sop->mackeylen == auth_hash_hmac_sha2_512.keysize) - thash = &auth_hash_hmac_sha2_512; - else { - mtx_unlock(&Giant); - return (EINVAL); - } + case CRYPTO_SHA2_512_HMAC: + thash = &auth_hash_hmac_sha2_512; break; case CRYPTO_RIPEMD160_HMAC: - thash = &auth_hash_hmac_ripemd_160_96; + thash = &auth_hash_hmac_ripemd_160; break; #ifdef notdef case CRYPTO_MD5: @@ -265,8 +262,14 @@ } error = crypto_newsession(&sid, (txform ? &crie : &cria), 1); - if (error) - goto bail; + if (error) { + if (crypto_devallowsoft) { + error = crypto_newsession(&sid, + (txform ? &crie : &cria), 0); + } + if (error) + goto bail; + } cse = csecreate(fcr, sid, crie.cri_key, crie.cri_klen, cria.cri_key, cria.cri_klen, sop->cipher, sop->mac, txform, @@ -465,7 +468,7 @@ goto bail; if (cop->mac && - (error = copyout(crp->crp_mac, cop->mac, cse->thash->authsize))) + (error = copyout(crp->crp_mac, cop->mac, cse->thash->hashsize))) goto bail; bail: --- //depot/vendor/freebsd/src/sys/opencrypto/cryptodev.h 2005/01/07 02:32:16 +++ //depot/user/pjd/geom_classes/sys/opencrypto/cryptodev.h 2006/05/04 11:20:07 @@ -63,6 +63,7 @@ /* HMAC values */ #define HMAC_BLOCK_LEN 64 +#define HMAC_BLOCK_MAXLEN 128 #define HMAC_IPAD_VAL 0x36 #define HMAC_OPAD_VAL 0x5C @@ -94,11 +95,13 @@ #define CRYPTO_ARC4 12 #define CRYPTO_MD5 13 #define CRYPTO_SHA1 14 -#define CRYPTO_SHA2_HMAC 15 -#define CRYPTO_NULL_HMAC 16 -#define CRYPTO_NULL_CBC 17 -#define CRYPTO_DEFLATE_COMP 18 /* Deflate compression algorithm */ -#define CRYPTO_ALGORITHM_MAX 18 /* Keep updated - see below */ +#define CRYPTO_NULL_HMAC 15 +#define CRYPTO_NULL_CBC 16 +#define CRYPTO_DEFLATE_COMP 17 /* Deflate compression algorithm */ +#define CRYPTO_SHA2_256_HMAC 18 +#define CRYPTO_SHA2_384_HMAC 19 +#define CRYPTO_SHA2_512_HMAC 20 +#define CRYPTO_ALGORITHM_MAX 20 /* Keep updated - see below */ /* Algorithm flags */ #define CRYPTO_ALG_FLAG_SUPPORTED 0x01 /* Algorithm is supported */ @@ -209,7 +212,8 @@ struct cryptoini { int cri_alg; /* Algorithm to use */ int cri_klen; /* Key length, in bits */ - int cri_rnd; /* Algorithm rounds, where relevant */ + int cri_mlen; /* Number of bytes we want from the + entire hash. 0 means all. */ caddr_t cri_key; /* key to use */ u_int8_t cri_iv[EALG_MAX_BLOCK_LEN]; /* IV to use */ struct cryptoini *cri_next; @@ -233,7 +237,6 @@ struct cryptoini CRD_INI; /* Initialization/context data */ #define crd_iv CRD_INI.cri_iv #define crd_key CRD_INI.cri_key -#define crd_rnd CRD_INI.cri_rnd #define crd_alg CRD_INI.cri_alg #define crd_klen CRD_INI.cri_klen @@ -305,6 +308,7 @@ /* Crypto capabilities structure */ struct cryptocap { u_int32_t cc_sessions; + u_int32_t cc_koperations; /* * Largest possible operator length (in bits) for each type of @@ -384,5 +388,7 @@ extern void cuio_copydata(struct uio* uio, int off, int len, caddr_t cp); extern void cuio_copyback(struct uio* uio, int off, int len, caddr_t cp); extern struct iovec *cuio_getptr(struct uio *uio, int loc, int *off); +extern int cuio_apply(struct uio *uio, int off, int len, + int (*f)(void *, void *, u_int), void *arg); #endif /* _KERNEL */ #endif /* _CRYPTO_CRYPTO_H_ */ --- //depot/vendor/freebsd/src/sys/opencrypto/cryptosoft.c 2006/04/10 18:26:14 +++ //depot/user/pjd/geom_classes/sys/opencrypto/cryptosoft.c 2006/04/30 17:51:32 @@ -45,39 +45,39 @@ #include #include -u_int8_t hmac_ipad_buffer[64] = { - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, - 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36, 0x36 -}; - -u_int8_t hmac_opad_buffer[64] = { - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, - 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C, 0x5C -}; +u_int8_t *hmac_ipad_buffer; +u_int8_t *hmac_opad_buffer; - struct swcr_data **swcr_sessions = NULL; u_int32_t swcr_sesnum = 0; int32_t swcr_id = -1; -#define COPYBACK(x, a, b, c, d) \ - (x) == CRYPTO_BUF_MBUF ? m_copyback((struct mbuf *)a,b,c,d) \ - : cuio_copyback((struct uio *)a,b,c,d) -#define COPYDATA(x, a, b, c, d) \ - (x) == CRYPTO_BUF_MBUF ? m_copydata((struct mbuf *)a,b,c,d) \ - : cuio_copydata((struct uio *)a,b,c,d) +#define COPYBACK(type, buf, off, size, in) do { \ + switch (type) { \ + case CRYPTO_BUF_CONTIG: \ + bcopy(in, (u_char *)(buf) + (off), size); \ + break; \ + case CRYPTO_BUF_MBUF: \ + m_copyback((struct mbuf *)(buf), off, size, in); \ + break; \ + case CRYPTO_BUF_IOV: \ + cuio_copyback((struct uio *)(buf), off, size, in); \ + break; \ + } \ +} while (0) +#define COPYDATA(type, buf, off, size, out) do { \ + switch (type) { \ + case CRYPTO_BUF_CONTIG: \ + bcopy((u_char *)(buf) + (off), out, size); \ + break; \ + case CRYPTO_BUF_MBUF: \ + m_copydata((struct mbuf *)(buf), off, size, out); \ + break; \ + case CRYPTO_BUF_IOV: \ + cuio_copydata((struct uio *)(buf), off, size, out); \ + break; \ + } \ +} while (0) static int swcr_encdec(struct cryptodesc *, struct swcr_data *, caddr_t, int); static int swcr_authcompute(struct cryptop *crp, struct cryptodesc *crd, @@ -412,13 +412,60 @@ } } - return 0; /* Done with iov encryption/decryption */ + return 0; /* Done with iovec encryption/decryption */ } /* Unreachable */ return EINVAL; } +static void +swcr_authprepare(struct auth_hash *axf, struct swcr_data *sw, u_char *key, + int klen) +{ + int k; + + klen /= 8; + + switch (axf->type) { + case CRYPTO_MD5_HMAC: + case CRYPTO_SHA1_HMAC: + case CRYPTO_SHA2_256_HMAC: + case CRYPTO_SHA2_384_HMAC: + case CRYPTO_SHA2_512_HMAC: + case CRYPTO_NULL_HMAC: + case CRYPTO_RIPEMD160_HMAC: + for (k = 0; k < klen; k++) + key[k] ^= HMAC_IPAD_VAL; + + axf->Init(sw->sw_ictx); + axf->Update(sw->sw_ictx, key, klen); + axf->Update(sw->sw_ictx, hmac_ipad_buffer, axf->blocksize - klen); + + for (k = 0; k < klen; k++) + key[k] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL); + + axf->Init(sw->sw_octx); + axf->Update(sw->sw_octx, key, klen); + axf->Update(sw->sw_octx, hmac_opad_buffer, axf->blocksize - klen); + + for (k = 0; k < klen; k++) + key[k] ^= HMAC_OPAD_VAL; + break; + case CRYPTO_MD5_KPDK: + case CRYPTO_SHA1_KPDK: + sw->sw_klen = klen; + bcopy(key, sw->sw_octx, klen); + axf->Init(sw->sw_ictx); + axf->Update(sw->sw_ictx, key, klen); + axf->Final(NULL, sw->sw_ictx); + break; + default: + printf("%s: CRD_F_KEY_EXPLICIT flag given, but algorithm %d " + "doesn't use keys.\n", __func__, axf->type); + } +} + /* * Compute keyed-hash authenticator. */ @@ -436,6 +483,9 @@ axf = sw->sw_axf; + if (crd->crd_flags & CRD_F_KEY_EXPLICIT) + swcr_authprepare(axf, sw, crd->crd_key, crd->crd_klen); + bcopy(sw->sw_ictx, &ctx, axf->ctxsize); switch (outtype) { @@ -450,6 +500,12 @@ return err; break; case CRYPTO_BUF_IOV: + err = cuio_apply((struct uio *) buf, crd->crd_skip, crd->crd_len, + (int (*)(void *, void *, unsigned int)) axf->Update, + (caddr_t) &ctx); + if (err) + return err; + break; default: return EINVAL; } @@ -457,7 +513,9 @@ switch (sw->sw_alg) { case CRYPTO_MD5_HMAC: case CRYPTO_SHA1_HMAC: - case CRYPTO_SHA2_HMAC: + case CRYPTO_SHA2_256_HMAC: + case CRYPTO_SHA2_384_HMAC: + case CRYPTO_SHA2_512_HMAC: case CRYPTO_RIPEMD160_HMAC: if (sw->sw_octx == NULL) return EINVAL; @@ -483,11 +541,8 @@ } /* Inject the authentication data */ - if (outtype == CRYPTO_BUF_CONTIG) - bcopy(aalg, buf + crd->crd_inject, axf->authsize); - else - m_copyback((struct mbuf *) buf, crd->crd_inject, - axf->authsize, aalg); + COPYBACK(outtype, buf, crd->crd_inject, + sw->sw_mlen == 0 ? axf->hashsize : sw->sw_mlen, aalg); return 0; } @@ -578,7 +633,7 @@ struct enc_xform *txf; struct comp_algo *cxf; u_int32_t i; - int k, error; + int error; if (sid == NULL || cri == NULL) return EINVAL; @@ -652,38 +707,37 @@ txf = &enc_xform_null; goto enccommon; enccommon: - error = txf->setkey(&((*swd)->sw_kschedule), - cri->cri_key, cri->cri_klen / 8); - if (error) { - swcr_freesession(NULL, i); - return error; + if (cri->cri_key != NULL) { + error = txf->setkey(&((*swd)->sw_kschedule), + cri->cri_key, cri->cri_klen / 8); + if (error) { + swcr_freesession(NULL, i); + return error; + } } (*swd)->sw_exf = txf; break; case CRYPTO_MD5_HMAC: - axf = &auth_hash_hmac_md5_96; + axf = &auth_hash_hmac_md5; goto authcommon; case CRYPTO_SHA1_HMAC: - axf = &auth_hash_hmac_sha1_96; + axf = &auth_hash_hmac_sha1; + goto authcommon; + case CRYPTO_SHA2_256_HMAC: + axf = &auth_hash_hmac_sha2_256; + goto authcommon; + case CRYPTO_SHA2_384_HMAC: + axf = &auth_hash_hmac_sha2_384; goto authcommon; - case CRYPTO_SHA2_HMAC: - if (cri->cri_klen == 256) - axf = &auth_hash_hmac_sha2_256; - else if (cri->cri_klen == 384) - axf = &auth_hash_hmac_sha2_384; - else if (cri->cri_klen == 512) - axf = &auth_hash_hmac_sha2_512; - else { - swcr_freesession(NULL, i); - return EINVAL; - } + case CRYPTO_SHA2_512_HMAC: + axf = &auth_hash_hmac_sha2_512; goto authcommon; case CRYPTO_NULL_HMAC: axf = &auth_hash_null; goto authcommon; case CRYPTO_RIPEMD160_HMAC: - axf = &auth_hash_hmac_ripemd_160_96; + axf = &auth_hash_hmac_ripemd_160; authcommon: (*swd)->sw_ictx = malloc(axf->ctxsize, M_CRYPTO_DATA, M_NOWAIT); @@ -698,27 +752,13 @@ swcr_freesession(NULL, i); return ENOBUFS; } - - for (k = 0; k < cri->cri_klen / 8; k++) - cri->cri_key[k] ^= HMAC_IPAD_VAL; - - axf->Init((*swd)->sw_ictx); - axf->Update((*swd)->sw_ictx, cri->cri_key, - cri->cri_klen / 8); - axf->Update((*swd)->sw_ictx, hmac_ipad_buffer, - HMAC_BLOCK_LEN - (cri->cri_klen / 8)); - - for (k = 0; k < cri->cri_klen / 8; k++) - cri->cri_key[k] ^= (HMAC_IPAD_VAL ^ HMAC_OPAD_VAL); - - axf->Init((*swd)->sw_octx); - axf->Update((*swd)->sw_octx, cri->cri_key, - cri->cri_klen / 8); - axf->Update((*swd)->sw_octx, hmac_opad_buffer, - HMAC_BLOCK_LEN - (cri->cri_klen / 8)); - - for (k = 0; k < cri->cri_klen / 8; k++) - cri->cri_key[k] ^= HMAC_OPAD_VAL; + + if (cri->cri_key != NULL) { + swcr_authprepare(axf, *swd, cri->cri_key, + cri->cri_klen); + } + + (*swd)->sw_mlen = cri->cri_mlen; (*swd)->sw_axf = axf; break; @@ -736,20 +776,20 @@ return ENOBUFS; } - /* Store the key so we can "append" it to the payload */ - (*swd)->sw_octx = malloc(cri->cri_klen / 8, M_CRYPTO_DATA, - M_NOWAIT); + (*swd)->sw_octx = malloc(cri->cri_klen / 8, + M_CRYPTO_DATA, M_NOWAIT); if ((*swd)->sw_octx == NULL) { swcr_freesession(NULL, i); return ENOBUFS; } - - (*swd)->sw_klen = cri->cri_klen / 8; - bcopy(cri->cri_key, (*swd)->sw_octx, cri->cri_klen / 8); - axf->Init((*swd)->sw_ictx); - axf->Update((*swd)->sw_ictx, cri->cri_key, - cri->cri_klen / 8); - axf->Final(NULL, (*swd)->sw_ictx); + + /* Store the key so we can "append" it to the payload */ + if (cri->cri_key != NULL) { + swcr_authprepare(axf, *swd, cri->cri_key, + cri->cri_klen); + } + + (*swd)->sw_mlen = cri->cri_mlen; (*swd)->sw_axf = axf; break; #ifdef notdef @@ -768,6 +808,7 @@ } axf->Init((*swd)->sw_ictx); + (*swd)->sw_mlen = cri->cri_mlen; (*swd)->sw_axf = axf; break; #endif @@ -826,7 +867,9 @@ case CRYPTO_MD5_HMAC: case CRYPTO_SHA1_HMAC: - case CRYPTO_SHA2_HMAC: + case CRYPTO_SHA2_256_HMAC: + case CRYPTO_SHA2_384_HMAC: + case CRYPTO_SHA2_512_HMAC: case CRYPTO_RIPEMD160_HMAC: case CRYPTO_NULL_HMAC: axf = swd->sw_axf; @@ -945,7 +988,9 @@ break; case CRYPTO_MD5_HMAC: case CRYPTO_SHA1_HMAC: - case CRYPTO_SHA2_HMAC: + case CRYPTO_SHA2_256_HMAC: + case CRYPTO_SHA2_384_HMAC: + case CRYPTO_SHA2_512_HMAC: case CRYPTO_RIPEMD160_HMAC: case CRYPTO_NULL_HMAC: case CRYPTO_MD5_KPDK: @@ -983,6 +1028,15 @@ static void swcr_init(void) { + u_int i; + + hmac_ipad_buffer = malloc(HMAC_BLOCK_MAXLEN, M_CRYPTO_DATA, M_WAITOK); + for (i = 0; i < HMAC_BLOCK_MAXLEN; i++) + hmac_ipad_buffer[i] = HMAC_IPAD_VAL; + hmac_opad_buffer = malloc(HMAC_BLOCK_MAXLEN, M_CRYPTO_DATA, M_WAITOK); + for (i = 0; i < HMAC_BLOCK_MAXLEN; i++) + hmac_opad_buffer[i] = HMAC_OPAD_VAL; + swcr_id = crypto_get_driverid(CRYPTOCAP_F_SOFTWARE | CRYPTOCAP_F_SYNC); if (swcr_id < 0) panic("Software crypto device cannot initialize!"); @@ -997,7 +1051,9 @@ REGISTER(CRYPTO_NULL_CBC); REGISTER(CRYPTO_MD5_HMAC); REGISTER(CRYPTO_SHA1_HMAC); - REGISTER(CRYPTO_SHA2_HMAC); + REGISTER(CRYPTO_SHA2_256_HMAC); + REGISTER(CRYPTO_SHA2_384_HMAC); + REGISTER(CRYPTO_SHA2_512_HMAC); REGISTER(CRYPTO_RIPEMD160_HMAC); REGISTER(CRYPTO_NULL_HMAC); REGISTER(CRYPTO_MD5_KPDK); @@ -1016,5 +1072,7 @@ if (swcr_sessions != NULL) FREE(swcr_sessions, M_CRYPTO_DATA); + free(hmac_ipad_buffer, M_CRYPTO_DATA); + free(hmac_opad_buffer, M_CRYPTO_DATA); } SYSUNINIT(cryptosoft_uninit, SI_SUB_PSEUDO, SI_ORDER_ANY, swcr_uninit, NULL); --- //depot/vendor/freebsd/src/sys/opencrypto/cryptosoft.h 2005/01/07 02:32:16 +++ //depot/user/pjd/geom_classes/sys/opencrypto/cryptosoft.h 2006/04/09 18:12:53 @@ -32,7 +32,8 @@ struct { u_int8_t *SW_ictx; u_int8_t *SW_octx; - u_int32_t SW_klen; + u_int16_t SW_klen; + u_int16_t SW_mlen; struct auth_hash *SW_axf; } SWCR_AUTH; struct { @@ -48,6 +49,7 @@ #define sw_ictx SWCR_UN.SWCR_AUTH.SW_ictx #define sw_octx SWCR_UN.SWCR_AUTH.SW_octx #define sw_klen SWCR_UN.SWCR_AUTH.SW_klen +#define sw_mlen SWCR_UN.SWCR_AUTH.SW_mlen #define sw_axf SWCR_UN.SWCR_AUTH.SW_axf #define sw_kschedule SWCR_UN.SWCR_ENC.SW_kschedule #define sw_exf SWCR_UN.SWCR_ENC.SW_exf @@ -58,8 +60,8 @@ }; #ifdef _KERNEL -extern u_int8_t hmac_ipad_buffer[64]; -extern u_int8_t hmac_opad_buffer[64]; +extern u_int8_t *hmac_ipad_buffer; +extern u_int8_t *hmac_opad_buffer; #endif /* _KERNEL */ #endif /* _CRYPTO_CRYPTO_H_ */ --- //depot/vendor/freebsd/src/sys/opencrypto/xform.c 2005/08/16 19:01:11 +++ //depot/user/pjd/geom_classes/sys/opencrypto/xform.c 2006/04/30 17:51:32 @@ -187,60 +187,60 @@ /* Authentication instances */ struct auth_hash auth_hash_null = { CRYPTO_NULL_HMAC, "NULL-HMAC", - 0, 0, 12, sizeof(int), /* NB: context isn't used */ + 0, 16, 64, sizeof(int), /* NB: context isn't used */ null_init, null_update, null_final }; -struct auth_hash auth_hash_hmac_md5_96 = { +struct auth_hash auth_hash_hmac_md5 = { CRYPTO_MD5_HMAC, "HMAC-MD5", - 16, 16, 12, sizeof(MD5_CTX), + 16, 16, 64, sizeof(MD5_CTX), (void (*) (void *)) MD5Init, MD5Update_int, (void (*) (u_int8_t *, void *)) MD5Final }; -struct auth_hash auth_hash_hmac_sha1_96 = { +struct auth_hash auth_hash_hmac_sha1 = { CRYPTO_SHA1_HMAC, "HMAC-SHA1", - 20, 20, 12, sizeof(SHA1_CTX), + 20, 20, 64, sizeof(SHA1_CTX), SHA1Init_int, SHA1Update_int, SHA1Final_int }; -struct auth_hash auth_hash_hmac_ripemd_160_96 = { +struct auth_hash auth_hash_hmac_ripemd_160 = { CRYPTO_RIPEMD160_HMAC, "HMAC-RIPEMD-160", - 20, 20, 12, sizeof(RMD160_CTX), + 20, 20, 64, sizeof(RMD160_CTX), (void (*)(void *)) RMD160Init, RMD160Update_int, (void (*)(u_int8_t *, void *)) RMD160Final }; struct auth_hash auth_hash_key_md5 = { CRYPTO_MD5_KPDK, "Keyed MD5", - 0, 16, 12, sizeof(MD5_CTX), + 0, 16, 0, sizeof(MD5_CTX), (void (*)(void *)) MD5Init, MD5Update_int, (void (*)(u_int8_t *, void *)) MD5Final }; struct auth_hash auth_hash_key_sha1 = { CRYPTO_SHA1_KPDK, "Keyed SHA1", - 0, 20, 12, sizeof(SHA1_CTX), + 0, 20, 0, sizeof(SHA1_CTX), SHA1Init_int, SHA1Update_int, SHA1Final_int }; struct auth_hash auth_hash_hmac_sha2_256 = { - CRYPTO_SHA2_HMAC, "HMAC-SHA2", - 32, 32, 12, sizeof(SHA256_CTX), + CRYPTO_SHA2_256_HMAC, "HMAC-SHA2-256", + 32, 32, 64, sizeof(SHA256_CTX), (void (*)(void *)) SHA256_Init, SHA256Update_int, (void (*)(u_int8_t *, void *)) SHA256_Final }; struct auth_hash auth_hash_hmac_sha2_384 = { - CRYPTO_SHA2_HMAC, "HMAC-SHA2-384", - 48, 48, 12, sizeof(SHA384_CTX), + CRYPTO_SHA2_384_HMAC, "HMAC-SHA2-384", + 48, 48, 128, sizeof(SHA384_CTX), (void (*)(void *)) SHA384_Init, SHA384Update_int, (void (*)(u_int8_t *, void *)) SHA384_Final }; struct auth_hash auth_hash_hmac_sha2_512 = { - CRYPTO_SHA2_HMAC, "HMAC-SHA2-512", - 64, 64, 12, sizeof(SHA512_CTX), + CRYPTO_SHA2_512_HMAC, "HMAC-SHA2-512", + 64, 64, 128, sizeof(SHA512_CTX), (void (*)(void *)) SHA512_Init, SHA512Update_int, (void (*)(u_int8_t *, void *)) SHA512_Final }; --- //depot/vendor/freebsd/src/sys/opencrypto/xform.h 2005/01/07 02:32:16 +++ //depot/user/pjd/geom_classes/sys/opencrypto/xform.h 2006/04/08 10:04:43 @@ -36,7 +36,7 @@ char *name; u_int16_t keysize; u_int16_t hashsize; - u_int16_t authsize; + u_int16_t blocksize; u_int16_t ctxsize; void (*Init) (void *); int (*Update) (void *, u_int8_t *, u_int16_t); @@ -85,9 +85,9 @@ extern struct auth_hash auth_hash_null; extern struct auth_hash auth_hash_key_md5; extern struct auth_hash auth_hash_key_sha1; -extern struct auth_hash auth_hash_hmac_md5_96; -extern struct auth_hash auth_hash_hmac_sha1_96; -extern struct auth_hash auth_hash_hmac_ripemd_160_96; +extern struct auth_hash auth_hash_hmac_md5; +extern struct auth_hash auth_hash_hmac_sha1; +extern struct auth_hash auth_hash_hmac_ripemd_160; extern struct auth_hash auth_hash_hmac_sha2_256; extern struct auth_hash auth_hash_hmac_sha2_384; extern struct auth_hash auth_hash_hmac_sha2_512;